Security and privacy: Why Internet users must demand both

The conflict between privacy and security is a long-running one, often inflamed by global threats, but always present. In a 2008 Wired article, the extent to which individual privacy should be sacrificed for matters of national security was laid bare by the then-director of national intelligence Michael McConnell.

“In order for cyberspace to be policed, Internet activity will have to be closely monitored. Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the authority to examine the content of any e-mail, file transfer, or Web search. ‘Google has records that could help in a cyber-investigation,’ he said. Giorgio warned me, ‘We have a saying in this business: Privacy and security are a zero-sum game.’"

It is clear then that the US government, and no doubt many others around the world, believe that nothing is sacred when it comes to the so-called protection of its citizens. Edward Snowden’s revelations revealed that surveillance programmes are endemic at both the NSA and GCHQ and in an age where so much of our lives occurs online, is it naive to think we can maintain even a semblance of privacy?

To make matters worse, recently proposed changes to the US Computer Fraud and Abuse Act could give the authorities even greater access to individual data. Obama has attempted to push through tighter security measures for the past three years, but has often been rebuked by privacy groups. However, with the high-profile Sony Pictures hack fresh in everyone’s minds it remains to be seen whether the bill will receive approval.

If it does, it will reflect an oft-quoted, but erroneous belief that citizens can have security or privacy, but not both. Past measures actually indicate that security proposals that impinge upon civil liberties are not usually the most effective.

“Liberty-depriving security measures are most often found when system designers failed to take security into account from the beginning,” says security expert Bruce Schneier. “They're Band-aids, and evidence of bad security planning. When security is designed into a system, it can work without forcing people to give up their freedoms.”

To refer back to the Sony hack, or last year’s Home Depot data breach, it was the failure of the companies in question to have robust security measures in place that ultimately allowed the attacks to take place. These could have been prevented, not by greater surveillance, but through regular assessment of the security measures already in place.

If the Obama Administration is successful in gaining access to even more personal data, will that really make the US and its people more secure? There is already so much data available, that the proposals should instead focus on targeted data collection and more effective analysis.

Leaked NSA documents suggest that the government is implementing a pervasive project, a blanket approach that attempts to target all forms of communication rather than focusing on particular risks to the US. The agency frequently uses the terms: “collected all,” “know it all,” “exploit all,” but attempting to collect too much data can actually be to the detriment of national security as it blurs the boundaries between genuine threats and useless information.

Whether restricting individual liberty does actually bolster defences is an issue that is likely to be long debated, but the inherent value of privacy should never be called into question. Those in favour of increased surveillance often argue that you should only be concerned if you have something to hide, but invasions of privacy go far beyond criminal matters and can expose our most intimate secrets, things that we believe are ours, and ours alone, to share. As Canadian privacy advocate David Flaherty argues, “There is no sentient human being in the Western world who has little or no regard for his or her personal privacy.”

If privacy is so important, as is of course personal security, how do we align these seemingly polar opposites? While legal solutions are likely to take many years to implement, technological ones are more forthcoming.

Encryption, the kind implemented increasingly by private companies like Google and Apple, is key. While it will not prevent government data grabs, it will stop widespread bulk collections and force surveillance to become more targeted, and hence more effective. Anonymity tools and secure operating systems also provide increased privacy without compromising national security.

Intelligence agencies like the NSA and GCHQ must also invest more in data analysis and shift their focus towards a more focused approach to online security, rather than an Orwellian all-seeing surveillance programme.

The biggest reason why we have a right to demand security and privacy is that both are ultimately attainable. For too long, the discussion has branded these principles as two opposing tenets of the Internet; but the argument is a lazy one. Fear has led to many of us to sacrifice our privacy, but the knowledge that we can create a secure web without this compromise can lead to a better Internet for everyone.